The electronics firm initially appealed the decision levied by the Information Commissioner’s Office (ICO), but an update released by the ICO on Friday — via Engadget — confirmed it has agreed to reluctantly pay up. Sony dropped its appeal because it did not want to provide details relating to its security system.

Commenting in January, Sony said it “strongly disagreed” with the ruling, claiming that it was the victim of an attack and that there was no evidence that customers’ card details, which were encrypted, were lost.

The PlayStation Network had more than 70 million users when it was attacked in April 2011. Hackers were thought to have gained access to millions of customers’ names, email address, physical addresses, dates of birth and passwords. While it was unclear whether cards details were accessed, the ICO considered the details to have been “at risk”.

Sony has since beefed up the security measures that protect its network and, though the fine is not significant to a multinational firm of its size, the ICO’s attribution of blame was noteworthy given the rise in hacking and cyber-attacks.

“There’s no disguising that this is a business that should have known better,” David Smith, the Deputy Commissioner and Director of Data Protection, said in a statement in January. “It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.”